956 matches found
Design/Logic Flaw
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service...
CVE-2018-10864
Summary: CVE-2018-10864 affects Red Hat’s redhat-certification. The issue is an uncontrolled resource consumption in document loading, where an attacker can supply an existing but invalid XML file that is opened and never closed, potentially causing a Denial of Service. Root cause: improper handl...
redhat-certification: resource consumption in DocumentBase:loadFiltered
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service...
redhat-certification: /download allows to download any file
It was discovered that redhat-certification does not properly restrict files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd...
redhat-certification: rhcertStore.py: __saveResultsFile allows to write any file
It has been discovered that redhat-certification does not properly sanitize paths in rhcertStore.py:saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution...
Critical: Red Hat Security Advisory: redhat-certification security update
An update for redhat-certification is now available for Red Hat Certification for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Cybersecurity Certifications: Why They Matter and How to Know Which Ones To Pursue
Whether you’re just starting off in the cybersecurity field or are already working as a security professional, there are many certifications for you to consider across various specializations and difficulty levels. Not to mention certifications covering a range of disciplines and emerging securit...
Qualys Policy Compliance Notification: Policy Library Update
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...
CVE-2018-10870
redhat-certification does not properly sanitize paths in rhcertStore.py:saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution...
CVE-2018-10869
redhat-certification does not properly restrict files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd...
Remote code execution
redhat-certification does not properly sanitize paths in rhcertStore.py:saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution...
Design/Logic Flaw
redhat-certification does not properly restrict files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd...
CVE-2018-10870
CVE-2018-10870 affects the Red Hat package redhat-certification. The issue is in rhcertStore.py:__saveResultsFile, which allows writing arbitrary files and can lead to remote code execution. Public sources (NVD, RHSA-2018:2373) describe the vulnerability as high/critical with network attack vecto...
CVE-2018-10869
The CVE-2018-10869 vulnerability affects redhat-certification and allows a remote attacker to download any file accessible by the web server user via the /download page due to improper access restriction. Red Hat’s RHSA-2018:2373 (and related advisories) document this issue and provide a security...
EU Cybersecurity Act IoT FAIL
The EU recently announced that its plans for a Cybersecurity Act had been backed by industry committee MEPs. This was a significant opportunity for consumer IoT security to be regulated and resolve the current mess. Sadly, they’ve stopped short and made the code voluntary for all but certain...